Information Technology Reference
In-Depth Information
of that type. This can be helpful to administrators for verifying that all critical files, folders,
and registry settings on a computer are protected. This is also helpful for identifying when
an issue occurs with a system resource.
“Reason For Access” Reporting
When an administrator is performing auditing in
Windows Server 2012 R2 and Windows 8, they can now see the reason why an operation
was successful or unsuccessful. Previously, they lacked the ability to see the reason why an
operation succeeded or failed.
Advanced Audit Policy Settings
In Windows Server 2012 R2, there are many new
Advanced Audit Policy settings that can be used in place of the nine basic auditing settings.
These advanced audit settings also help eliminate the unnecessary auditing activities that
can make audit logs difficult to manage and decipher.
Expression-Based Audit Policies
Administrators have the ability, because of Dynamic
Access Control, to create targeted audit policies by using expressions based on user,
computer, and resource claims. For example, an administrator has the ability to create an
audit policy that tracks all Read and Write operations for files that are considered high-
business impact. Expression-based audit policies can be directly created on a file or folder
or created through the use of a Group Policy.
Removable Storage Device Auditing
Administrators have the ability to monitor attempts
to use a removable storage device on your network. If an administrator decides to
implement this policy, an audit event is created every time one of your users attempts to
copy, move, or save a network resource onto a removable storage device.
Configuring Windows Firewall Options
Another security aspect to look into is Windows Firewall. Before I can start talking about
firewall options, you must first understand what a firewall does. A
irewall
is a software
or hardware device that checks the information that is received from an outside (Internet)
or external network and uses that information to determine whether the packet should be
accepted or declined.
Depending on the firewall, you have the ability to check all potential remote users
against Active Directory to verify that the remote user has an authorized domain account.
This process is called
Active Directory account integration
.
Microsoft Windows Server 2012 R2 has a built-in firewall. The following are some of
the configuration options included in the Windows Firewall Settings dialog box:
Domain Profile Tab
On the Domain Profile tab, you have the ability to turn the firewall
on or off by using the Firewall State drop-down menu. When setting the Firewall State
option on this tab, it's for turning the firewall on or off for the domain only. When turning
the firewall on, you also have the ability to block inbound and outbound connections (see
Figure 7.8). Administrators also have the ability to control the Windows Firewall behavior
along with setting up logging.
Search WWH ::
Custom Search